©Smithtechres.com 2011 - 2015 All Rights Reserved.



The Zeroaccess (Sirefef) rootkit has become very widespread in the past few months. It may be detected by your antivirus utility as “Virus.Win64.ZAccess.a”, “Generic.dx!Bfnd”, “Virus:Win64/Sirefef.A”, “Trojan.Zeroaccess!Inf4” or “PTCH64_SIREFEF.A”. It spreads by many different techniques, but most of the infected systems we have come across were infected because the user downloaded and executed bogus free software tools, software cracks or keygens for a wide range of applications. Once your computer is infected with this rootkit, you may receive a warning from Google Chrome that states “The server's security certificate is revoked” when you try to access certain websites. You may also notice that when you open a web browser on the infected system, you are redirected to various advertising sites such as "happili.com" and "searchnu.com". If you search for things online, from those sites or not, you start to receive abnormal results, such as more advertising sites, shopping sites, free computer cleaning tool results and possibly porn video sites.

This particular rootkit also represents a serious threat to your personal information and passwords, so you'll need to keep a close eye on your online accounts for suspicious activity once you have successfully removed Zeroaccess (Virus:Win64/Sirefef.A).



How to remove the Zeroaccess rootkit from your system


Before you start, we suggest that you back up your important data to a USB flash drive or some other external media. You should also have your original operating system installation discs or your system restore discs handy, because you may need them afterwards to repair your Microsoft Windows installation once this rootkit has been removed from your computer.


To download the files that you will need to clean your system of the infection, you may need access to another computer that hasn't been infected by the Zeroaccess rootkit, since "Trojan.Zeroaccess!inf4" will most likely keep redirecting your browser when you attempt to access software security related sites such as Symantec's and McAfee's.

To complete the repair you will need to download:

  1. Combofix
  2. Malwarebytes Anti-Malware


You may also need your original operating system installation discs, because you may need to repair your Microsoft Windows installation after removing this particular rootkit. Do not attempt to remove this rootkit unless you have access to your original Microsoft Windows installation discs. Otherwise, after the rootkit is removed, you might not be able to get back into Windows until the installation files have been repaired by using the installation discs.


  1. First, delete your browser’s temporary Internet files.
  2. Second, disable any antivirus utility programs that you already have installed and run a scan with Combofix. Once it completes its scan, it will most likely need to reboot your system.
  3. Next, install, update and run a full scan with Malwarebytes and repair any infected files that it locates. Just in case, restart your system afterwards.
  4. Open a web browser and do a Google search for a computer software site such as "Symantec". If the search results appear normal, continue on to Symantec.com. If it opens without any additional pop-ups, your work is complete. If you still notice questionable search results, you will need to scan the infected computer with the Greatis Regrun Warrior bootable CD and carefully examine any files that it finds to be suspicious. Only remove files that you’re sure are threats. Regrun offers many file lookup options and recommendations to assist you.
  5. Afterwards, your system may have a problem starting Microsoft Windows, because needed Windows system files may have been deleted during the cleaning procedure. At this point, depending on your version of Microsoft Windows, you may have to repair your installation by using the original installation discs. Once the operating system installation has been completed, your work should be done and your system should be back to normal, virus and rootkit free.
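
The browser check in step 4 can also be done on a recorded list of the URLs the browser loaded, rather than by eye. The script below is an added example, not part of the original procedure or of any tool named above; the function names and the sample navigations are constructed for illustration, and the only domains it knows about are the two advertising sites named in this article.

```python
from urllib.parse import urlsplit

# Advertising domains this article names as redirect targets.
AD_DOMAINS = ("happili.com", "searchnu.com")


def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def assess_chain(expected_domain, hops):
    """Classify one navigation. 'hops' is the ordered list of URLs the
    browser loaded, ending with the page that was finally displayed."""
    findings = []
    for i, url in enumerate(hops):
        host = host_of(url)
        for ad in AD_DOMAINS:
            if under(host, ad):
                findings.append(f"hop {i}: {host} is under {ad}")
    final = host_of(hops[-1]) if hops else ""
    if not under(final, expected_domain):
        findings.append(
            f"final host {final or '(none)'} is not under {expected_domain}")
    return ("suspicious" if findings else "clean"), findings


# Constructed sample navigations (not captured from a real infection).
SAMPLES = {
    "normal": ["http://symantec.com/", "https://www.symantec.com/"],
    "redirected": ["http://www.symantec.com/",
                   "http://WWW.SearchNu.com/?q=antivirus"],
    "lookalike": ["https://www.symantec.com/",
                  "https://nothappili.com.example/"],
}

if __name__ == "__main__":
    for name, hops in SAMPLES.items():
        print(name, *assess_chain("symantec.com", hops))
```

A "suspicious" verdict after the Combofix and Malwarebytes scans corresponds to the "questionable search results" case in step 4, where the procedure continues with the bootable CD scan.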





The information in this article is provided "as is". It should be used for educational purposes only. Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.